Prepared by Kamal Khan, CISA, CISSP, CITP, MBCS
AKHTAR, BUCHHOLTS, RYAN AND SETTY ARTICLE
1. In many instances, IT auditors merely confirm whether
backups are being performed either to disk or to tape, without
considering the integrity or viability of the backup media.
2. A checklist for database backup and recovery includes
ensuring that there is sufficient budget to cover the cost of
3. Oracle and MS SQL Server databases can be backed up to
tape or disk. It is not a good idea to back up to disk first
because they are difficult for DBAs to monitor and control.
OYEMADE ARTICLE
11. IT has the potential for business transformation and also
represents a significant investment, typically from 1-8 percent
of gross revenue.
12. The three-lines-of-defense model consists of three key
elements: risk identification, risk assessment and risk
13. The four types of risk response are risk avoidance, risk
sharing/transfer, risk acceptance and risk reduction/mitigation.
DUTTA AND SISTA ARTICLE
4. A backup and recovery SLA is an important mechanism in
assisting in the recovery process.
5. IT auditors can assist data administration teams in
strengthening their controls and data recovery processes by
validating DBA operations.
TAMMINEEDI ARTICLE
6. Disaster recovery planning (DRP) involves planning and
procedural aspects, encompassing emergency response and
7. BS 25999 Business continuity management establishes the
process, principles and terminology of BCM and highlights the
benefits and outcomes of an effective BCM program.
14. The Basel II framework uses three pillars: (1) detailed
methods for calculating minimum regulatory capital, (2)
supervisory review standards and (3) market disclosure.
15. The Basel Committee classifies operational loss data in seven
categories including damage to physical assets and business
disruption and system failures.
DAVIS, FERRELL, SCRANTON AND MILLAR ARTICLE
16. Fraud impacted 97 percent of organizations in 2010, according
to the Kroll Global Fraud Report.
17. Prioritizing results according to specific red flags has cut
review times by more than 57 percent.
8. The main BCM assets are the six organizational resources:
power, premises, technology, information, supplies and
9. Most business continuity and disaster recovery plans address
failover to a hot site or alternate site. Very few address the
need to move operations back to a restored primary location.
10. Many business continuity plans are built on assumptions that
may not include all relevant assumptions and limiting factors.
For example, one assumption is that employees will go long
distances to support operations, whereas local or regional
disasters can make employees reluctant to go far from home.